[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

To: tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
From: Markus Koch <niftybunny@xxxxxxxxxxxxxx>
Date: Sun, 9 Oct 2016 02:00:04 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 08 Oct 2016 20:00:56 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=aIjUdRtc3m9qDRsZsD1Me8eiyzif0XCLhG/S5FPGlrU=; b=V6W0B8ElTlyhYJNqdvV/4d1Bwn6cmpxjnFRCTJgP4ICwz8HUcYgG6zdlL21S6l04Jh 1ceSoGyK89nc+xynVPXypfVoXsFsxfoG0N7oGwDnRkOcqF0OWps0cSSGUkKSg2TmOWk1 9aMcfBwn4+b8iCEMFIIlR2lCQlynEcR8UmUCGB1UqeMxJbMw8hf3d4AysQZNyYG5B3sZ C8ukpamIkBYfIBiAzm0zkYiLTHgDGjAF/Y2wD5f959dezMLQKmMsSzapaJNlBbt9sMKc 52OC47YJikqarnjENQq1D8iKz6QzmyhDg12Z6cAnZDNvNbemWUhtYgzfHswh9y1TzRKo o37g==
In-reply-to: <86FD0180-C22D-481A-B236-549F51C7C362@gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <07cb3c0b-8f04-5068-6914-cdf1eaa3e766@riseup.net> <9c712fac-bcd4-41eb-0aeb-f4b2bf03d967@web.de> <CA709144-51E7-485B-B87B-1599DF978545@brazoslink.net> <20161004194234.GB17094@moria.seul.org> <Vhw.aI2o.5T3qSOk7W3J.1Nz1C1@seznam.cz> <8e7f739a-7879-099b-a1c1-792b9ce089b5@horus-it.de> <VnI.aI2{.6Clab1ZXq93.1Nz2LK@seznam.cz> <C263492D-5C73-4BF9-985B-ED2A449DE350@googlemail.com> <W42.aI2E.1Wf3C1ftsrA.1NzATB@seznam.cz> <B4EB4AB0-AEFE-473F-A732-6AA2A9C18708@gmail.com> <CAAd2PDJDneFj4hCeocLGdnYsxvnMQ1Hd2nzpQvhZb67_riBgnQ@mail.gmail.com> <1TM.aI45.5w2C}825cSY.1NzYHR@seznam.cz> <CAAd2PDKOm7eO6buKJ+zD3Ca_ypNA5fQgvPvGmE7j9xwBuQeqjw@mail.gmail.com> <86FD0180-C22D-481A-B236-549F51C7C362@gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Would not help. These are bots, you can slow them down but this will
not stop them at all.

Markus


2016-10-09 1:57 GMT+02:00 teor <teor2345@xxxxxxxxx>:
>
>> On 7 Oct 2016, at 05:07, Green Dream <greendream848@xxxxxxxxx> wrote:
>>
>> If we're going to change anything I think it needs to happen within
>> Tor software. Operators could leverage the existing "Exitpolicy
>> reject" rules, or Tor could add functionality there if it's missing.
>> Whatever we do, I think it needs to be uniform and transparent.
>
> I had a conversation with someone at the recent tor meeting about
> rate-limiting Tor traffic. There are all sorts of drawbacks (blocking
> popular sites, for example), but I wonder if there are rate-limiting
> settings that would eliminate the majority of abuse reports based on
> default fail2ban and similar reporting system settings.
>
> For example, I wonder if the complaints I receive about SSH could be
> eliminated by slowing down repeated SSH connections to the same host
> by a second or so.
>
> Clearly more research is needed to work out if this is even feasible,
> and, if it is, what rate limits should apply to what ports.
>
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
>
>
>
>
>
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: teor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Tristan

References:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Mirimir
- [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: pa011
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: BlinkTor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Roger Dingledine
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Markus Koch
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: teor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Green Dream
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Green Dream
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: teor

Prev by Author: Re: [tor-relays] TOR Services on Microsoft Azure
Next by Author: Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Previous by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Index(es):
- Author
- Thread